DAST

Dynamic Analysis Security Testing looks at an application’s behavior while it runs. There are several practices that fall under DAST. Vulnerability assessment identifies the threats to the organization’s assets and recommends and prioritizes remediation strategies.

PenTesting

The most aggressive form of DAST is penetration testing or pentesting. There are two approaches to pentesting:

In black-box or external testing the auditor accesses the network from a remote location and is not aware of any internals beforehand. Essentially, the auditor is in the same position as an attacker.
In white-box or internal testing the auditor gets access to information about the system’s internals.

Pentesting goes beyond vulnerability assessment and moves into exploitation, privilege escalation and maintaining access.

Previous: Threat Model

Please Join the Discussion Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Create a free website or blog at WordPress.com.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Follow Following

Secure Cloud Development

Join 45 other followers

Already have a WordPress.com account? Log in now.

Secure Cloud Development

Customize

Follow Following

Sign up

Log in

Copy shortlink

Report this content

View post in Reader

Manage subscriptions

Collapse this bar

%d bloggers like this:

PenTesting

Share this:

Like this:

Please Join the Discussion Cancel reply